Defeating DPA Attacks

If the practice of security is the black art of the IT world, requiring esoteric knowledge and the ability to employ a bag of tricks and specialized techniques to safeguard data, then cryptography is the highest expression of the art.

If the practice of security is the black art of the IT world, requiring esoteric knowledge and the ability to employ a bag of tricks and specialized techniques to safeguard data, then cryptography is the highest expression of the art.
Cryptographers spend their days immersed in the arcana of one-way functions and stream ciphers, dwelling in the shadowy world where computer science and higher math converge.

This discipline is not for the faint of heart; even seasoned, confident security specialists get a little spooked when the conversation turns to subjects such as quantum cryptography or differential power analysis attacks. That fear has not prevented enterprise IT departments from deploying cryptographic devices by the millions during the last few years.

Click here to read an eWEEK Labs review of CryptoCard Corp.s Crypto-Server 6.1.
Its not just authentication or access devices such as smart cards and tokens that rely on cryptographic operations. The use of public-key cryptography is so prevalent in todays world that even postage meters use it.
All these devices also share one other attribute: They leak. Cryptographic devices consume power and emit electromagnetic radiation when power flows through the logic gates that make up semiconductors. The amount of power that is consumed by a device changes in tiny increments during cryptographic operations, and researchers at Cryptography Research Inc. several years ago discovered a way to measure the changes in power usage.
Using those measurements, the researchers were able to gather enough data to find the secret keys involved in the operations.
"DPA [Differential Power Analysis] can be used to break implementations of almost any symmetric or asymmetric algorithm. We have even used the technique to reverse-engineer unknown algorithms and protocols by using DPA data to test hypotheses about a devices computational processes," CRI researchers wrote in their original paper on DPA attacks, "Differential Power Analysis."
Next Page: Advanced Cryptography Goes Mainstream